Missing User Warnings
Medium
- Confidence
- 96% confidence
- Finding
- The skill instructs users to pass the API key directly on the command line, which can expose the secret through shell history, process listings, logs, and telemetry. In this context the key grants access to a third-party API rather than the host system, so the impact is limited compared with system credentials, but unauthorized use and quota theft are still realistic risks.
